Hi,
On 11/20/23 08:21, Luca Boccassi wrote:
Therefore, the Debian project asks the legislators to enhance the
text of these regulations to clarify beyond any reasonable doubt that
Free and Open Source Software developers and contributors are not going
to be treated as commercial vendors in the exercise of their duties when
merely developing and publishing Free and Open Source Software, with
special emphasis on clarifying grey areas, such as donations,
contributions from commercial companies and developing Free and Open
Source Software that may be later commercialised by a commercial vendor.
It is fundamental for the interests of the European Union itself that
Free and Open Source Software development can continue to thrive and
produce high quality software components, applications and operating
systems, and this can only happen if Free and Open Source Software
developers and contributors can continue to work on these projects as
they have been doing before these new regulations, especially but not
exclusively in the context of nonprofit organizations, without being
encumbered by legal requirements that are only appropriate for
commercial companies and enterprises.
*How* do we want the grey areas to be clarified?
With the definitions above, systemd is a commercial product by Microsoft
Corporation, and fully subject to the provisions of the CRA. Microsoft
is not a nonprofit organization, and it is not inappropriate to subject
them to "legal requirements that are only appropriate for commercial
companies and enterprises."
If we want the "Free and Open Source Software developers and
contributors" associated with the systemd project to be able to
"continue to work on these projects as they have been doing before these
new regulations", then there needs to be a reason why they should be
included in the FOSS exception, and we need to spell this out *to the
people involved in the legislative process*, not just insinuate that
there might be additional criteria they may have missed and leave them
guessing what they might be.
I have gathered that we *do* want Amazon's aws-cli and Microsoft's
azure-cli to be covered by CRA, because these are obviously products
that are part of a commercial cloud computing product, even if their
source code is publicly hosted on GitHub (owned by Microsoft) and they
accept contributions from outside their organization. The same applies
to systemd, unless we provide a reason for it not to different:
- Should this be based on the license used?
We've established in this thread that the answer is "no".
- Should this be based on the employment status of the person making
releases?
We've established in this thread that the answer is "no".
- Should this be based on whether the release tag's author information
uses a private or organizational email address?
I'm running out of ideas here.
I think the Debian project itself is not in danger, but some of our
upstreams are, especially faster-paced ones that require full-time
developers to keep up, or ones that have "consulting" constructs
attached to them where you can pay one of the lead developers for
implementing a particular feature, but that is not lucrative enough for
a full-time position yet?
Simon
